Secured by Design - IAM & Cybersecurity Podcast

Mastering AI Security: Top 10 Risks and Mitigations for LLMs

Summary This episode explores the top 10 security risks associated with deploying large language models (LLMs) and AI systems. It provides practical insights and mitigation strategies to help organizations secure their AI implementations effectively. Keywords AI security, LLM risks, prompt injection, data leakage, supply chain security, poisoning, output handling, system prompt leakage, misinformation, resource exhaustion Key  topics Prompt injection vulnerabilities Sensitive data leakage in AI systems Supply chain risks in AI deployment Data and model poisoning techniques Handling AI-generated outputs securely Managing AI agent autonomy and permissions System prompt leakage and its implications Weaknesses in vector and embedding systems Hallucinations and misinformation in AI Resource exhaustion and denial of service in AI Chapters 00:00 Introduction to AI Security Risks 04:55 Prompt Injection: The King of Vulnerabilities 11:48 Supply Chain Vulnerabilities in AI Systems 18:47 Improper Output Handling and Its Risks 24:59 Misinformation and Hallucination Problems Resources OWASP Top 10 for Large Language Models (https://owasp.org/www-project-top-10-for-large-language-model-applications/) Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

Securing Autonomous AI: The OWASP Top 10 Risks Explored

Summary This episode explores the security risks associated with AI agents, focusing on the OWASP top 10 vulnerabilities and practical mitigation strategies. Learn how autonomous systems can be secured to prevent catastrophic failures and protect organizational assets. Key  topics AI agent security risks OWASP top 10 for agent applications Mitigation strategies for autonomous systems Chapters 00:00 The Nine-Second Database Incident 01:42 The Growing Threat of Autonomous System Incidents 02:19 Defining AI Agents and Their Architecture 03:14 Understanding Policies and Human in the Loop (HITL) 05:50 Agent Goal Hijacking and Prompt Injection 07:14 Tool Misuse, Poisoning, and Exploitation 08:53 Identity and Privilege Abuse in AI Agents 09:48 Supply Chain Vulnerabilities in AI Systems 11:40 Unexpected Code Execution Risks 12:55 Memory and Context Poisoning 14:16 Insecure Interagent Communication 15:53 Cascading Failures and Uncontrolled Amplification 17:22 Human Trust Exploitation and Social Engineering 19:01 Rogue Agents and Goal Misalignment 20:35 Five Themes for Securing AI Agents 22:46 Starting Your AI Security Inventory Resources OWASP Top 10 for Agent Tech Applications - https://owasp.org/www-project-top-ten-for-agent-tech-applications/ Cloud Security Alliance Report on AI Incidents - https://cloudsecurityalliance.org/research/ai-security/ Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

How Vercel's Supply Chain Attack Unfolded

Summary This episode dissects the recent Vercel breach, a supply chain attack involving third-party AI tools, OAuth vulnerabilities, and insider risks. It highlights practical steps organizations can take to enhance cybersecurity and prevent similar incidents. Key  topics Supply chain attack involving third-party AI tools OAuth vulnerabilities and permissions management Best practices for environment variable security Incident response and credential rotation strategies Chapters 00:00 The Vercel Breach: An Overview 05:43 The Supply Chain Attack Unfolds 12:45 The Shift in Cybersecurity Paradigms 19:11 The Importance of Trust in Security Keywords cybersecurity, supply chain attack, OAuth, Vercal breach, AI security, cloud security, incident response, third-party risk, environment variables, credential rotation Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

The Mythos Inflection: AI and the Future of Cyber Defense

Summary This episode explores the groundbreaking capabilities of Anthropic's Mythos AI model, its implications for cybersecurity, and how defenders can adapt to this new threat landscape. We discuss the model's ability to autonomously identify and exploit vulnerabilities, the strategic responses from industry leaders, and the importance of critical evaluation amidst hype. Key Topics * Mythos AI capabilities and evaluations * Industry responses and strategic implications * Vulnerability discovery and management in the AI era Chapters 00:00 The Changing Landscape of Cybersecurity 06:38 The Power of Mythos 13:18 OpenAI's Response and Different Approaches 21:46 Strategic Recommendations for Organizations 27:45 The Future of AI in Cybersecurity Resources * Anthropic Cloud Mythos [https://www.anthropic.com/] * GPT-5.4-Cyber by OpenAI [https://openai.com/research/gpt-5-4-cyber] * AI Security Institute - Mythos Evaluation [https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities] * Heidy Khlaaf's evaluation [https://x.com/HeidyKhlaaf/status/2041591737563394442] Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

Why Identity Is The Hidden Keystone in Effective GRC Programs

Summary This episode explores the critical relationship between identity and access management (IDAM) and holistic Governance, Risk, and Compliance (GRC) programs. Hosted by Santosh, it delves into how integrated identity management enhances security, compliance, and organizational resilience in the digital age. Key Topics The connection between identity and GRC The evolution of IDAM and its role in security Regulatory frameworks and compliance mapping Risk management lifecycle and identity risk scoring Future trends: Zero Trust, AI, decentralized identity Chapters 00:00 The Importance of GRC and IDAM Integration 02:32 The Holistic Approach to GRC 07:50 The GRC Challenge Landscape 11:21 Defining Identity and Access Management (IDAM) 15:46 How IDAM Enables Governance 18:48 IDAM's Role in Risk Management 22:54 IDAM and Compliance 23:17 Compliance and IDAM: Meeting Regulatory Requirements 27:22 Maturity Levels of IDAM Programs 29:54 Common Pitfalls and How to avoid them 32:42 Key Performance Indicators for GRC and IDAM 35:19 The Future.. 37:56 Conclusion: The Central Role of Identity in GRC Keywords IDAM, GRC, cybersecurity, identity management, compliance, risk management, zero trust, digital transformation, security architecture Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh